aeolwyr commented Sep 25, 2018

Requires termux-api-package #33.

This patch adds an interface for Android keystore. You can read all the features on that page, but I believe the main benefit of using it is extraction prevention.

In short, Android keystore allows the storage of cryptographic keys inside secure hardware. The key is generated inside the chip, and it never leaves the hardware - actually the chip does not even have a function to export the secret key.

Even with root privileges, it is not possible to extract these keys.

Instead, the applications ask the chip to sign/verify/encrypt/decrypt a particular piece of data on their behalf, and the hardware does this inside itself and outputs the result. Again, the secret key always stays inside the chip.

This script provides 5 commands:

  • list: List all the keys stored inside the keystore.
  • generate: Generate a key securely inside the chip.
  • sign: Create a signature for given data.
  • verify: Verify if some signature is valid for given data.
  • delete: Delete the key from the keystore.

(Note that the verify action is for convenience only; due to the way asymmetric encryption works, anyone can do the verification given the public key.)

Example commands to test:

  1. termux-keystore generate myAlias -a RSA -s 2048
  2. termux-keystore list
  3. echo "test file" >> testfile
  4. termux-keystore sign myAlias SHA512withRSA < testfile > signature
  5. termux-keystore verify myAlias SHA512withRSA signature < testfile # should return true
  6. echo "different file" >> differentfile
  7. termux-keystore verify myAlias SHA512withRSA signature < differentfile # should return false

Although by itself this is a complete tool, the API becomes much more useful when combined with a middleware that I have created: tergent (short for termux-ssh-agent). This small application is an ssh-agent implementation that uses this backend to store the keys inside the chip. This provides the security of hardware-based tokens without the inconvenience of carrying a separate device - the chip acts as the secure component.

Thanks for reading, and looking forward to any comments.

@fornwall fornwall merged commit e3a02a5 into termux:master Sep 27, 2018
@fornwall
Member

Nice!

Version 0.28 of the Termux:API app supports this, and has been submitted to the Play store so should be available as an update shortly!

@landfillbaby
Member

could this be used to sign git commits? is there a way to import OpenPGP keys?

ghost commented Sep 27, 2018

> is there a way to import OpenPGP keys?

No, there is no way to import PGP keys, but on Android 9 or higher it is possible to import non-PGP keys in ASN.1 format. Android keystore uses special hardware for signing, verifying, encrypting, decrypting.

Read more about it here: https://developer.android.com/training/articles/keystore

Contributor Author

aeolwyr commented Sep 28, 2018

Thanks for the quick response @fornwall! I will try to properly package the ssh agent so that I can make a proposal for its inclusion in the main repository.

@landfillbaby Unfortunately the API provided by Android only allows the creation of plain RSA/ECDSA signatures. I was able to build a wrapper to convert them to SSH signatures; it might be possible to do the same for PGP too.
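
As an added illustration of the wrapping step mentioned in the comment above (this is not tergent's code and not part of the PR): a plain PKCS#1 v1.5 RSA signature, such as `SHA512withRSA` output, framed as an SSH `rsa-sha2-512` signature per RFC 8332. The function names, the refusal of SHA-1 requests and the sample bytes are assumptions of this example.

```python
import struct

# Flag bits a client sets in an agent sign request (OpenSSH agent protocol).
SSH_AGENT_RSA_SHA2_256 = 2
SSH_AGENT_RSA_SHA2_512 = 4


def ssh_string(data: bytes) -> bytes:
    """SSH 'string' (RFC 4251): 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def ssh_mpint(value: int) -> bytes:
    """SSH 'mpint' for a non-negative integer: big-endian two's complement,
    so a zero byte is prepended when the top bit would otherwise be set."""
    if value < 0:
        raise ValueError("RSA parameters are non-negative")
    if value == 0:
        return ssh_string(b"")
    return ssh_string(value.to_bytes(value.bit_length() // 8 + 1, "big"))


def rsa_public_key_blob(e: int, n: int) -> bytes:
    """Key blob an agent returns when listing identities (RFC 4253)."""
    return ssh_string(b"ssh-rsa") + ssh_mpint(e) + ssh_mpint(n)


def pick_algorithms(flags: int):
    """Map sign-request flags to (SSH signature name, JCA algorithm name).
    Assumption of this example: SHA-1 'ssh-rsa' signatures are refused."""
    if flags & SSH_AGENT_RSA_SHA2_512:
        return b"rsa-sha2-512", "SHA512withRSA"
    if flags & SSH_AGENT_RSA_SHA2_256:
        return b"rsa-sha2-256", "SHA256withRSA"
    raise ValueError("client did not request an RSA SHA-2 signature")


def wrap_rsa_signature(raw_sig: bytes, modulus_bits: int, flags: int) -> bytes:
    """Wrap a plain PKCS#1 v1.5 signature as an SSH signature (RFC 8332)."""
    if len(raw_sig) != (modulus_bits + 7) // 8:
        raise ValueError("signature length does not match the key size")
    name, _ = pick_algorithms(flags)
    return ssh_string(name) + ssh_string(raw_sig)


# Constructed stand-in for the 256 bytes a 2048-bit key would produce.
SAMPLE_RAW_SIG = bytes(range(256))
SAMPLE_SSH_SIG = wrap_rsa_signature(SAMPLE_RAW_SIG, 2048, SSH_AGENT_RSA_SHA2_512)
```

The private-key operation stays in the keystore; only the framing around its output changes, which is why the same approach needs extra metadata handling for formats that carry more than a bare signature.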

ghost commented Sep 28, 2018

> it might be possible to do the same for PGP too.

@aeolwyr What about PGP key metadata? It is not a plain RSA key but also has additional metadata like user id and others.

Contributor Author

aeolwyr commented Sep 28, 2018

> @aeolwyr What about PGP key metadata? It is not a plain RSA key.

You are definitely right, a wrapper application would need to handle all this metadata, maybe storing them in a file somewhere.

I am not familiar with the internals of PGP; there are probably many more requirements (like managing subkeys). With all this added complexity, I have a feeling this wouldn't be a straightforward project.
